version: '2.3'

services:
  kerberizedhdfs1:
    cap_add:
      - DAC_READ_SEARCH
    image: clickhouse/kerberized-hadoop:${DOCKER_KERBERIZED_HADOOP_TAG:-latest}
    hostname: kerberizedhdfs1
    restart: always
    volumes:
      - ${KERBERIZED_HDFS_DIR}/../../hdfs_configs/bootstrap.sh:/etc/bootstrap.sh:ro
      - ${KERBERIZED_HDFS_DIR}/secrets:/usr/local/hadoop/etc/hadoop/conf
      - ${KERBERIZED_HDFS_DIR}/secrets/krb_long.conf:/etc/krb5.conf:ro
      - type: ${KERBERIZED_HDFS_FS:-tmpfs}
        source: ${KERBERIZED_HDFS_LOGS:-}
        target: /var/log/hadoop-hdfs
    expose:
      - ${KERBERIZED_HDFS_NAME_PORT:-50070}
      - ${KERBERIZED_HDFS_DATA_PORT:-1006}
    depends_on:
      - hdfskerberos
    entrypoint: /etc/bootstrap.sh -d
    sysctls:
      net.ipv4.ip_local_port_range: '55000 65535'

  hdfskerberos:
    image: clickhouse/kerberos-kdc:${DOCKER_KERBEROS_KDC_TAG:-latest}
    hostname: hdfskerberos
    volumes:
      - ${KERBERIZED_HDFS_DIR}/secrets:/tmp/keytab
      - ${KERBERIZED_HDFS_DIR}/../../kerberos_image_config.sh:/config.sh
      - /dev/urandom:/dev/random
    expose: [88, 749]
    sysctls:
      net.ipv4.ip_local_port_range: '55000 65535'
